DevOps purists may chafe at the DevSecOps term given that security and other important practices are supposed to already be an integral part of routine DevOps workflows. But the reality is that security often gets more lip service than thoughtful and systematic integration. This is despite a threat environment, distributed development teams, and rapid iterative releases that require security approaches that are continuous, adaptive, and heavily automated. Red Hat’s expertise with open source software and practices offers direct lessons for DevSecOps. In this session, we’ll look at successful practices that distributed and diverse teams use to iterate rapidly while still reacting quickly to threats and minimizing business risk. We’ll discuss how modern container platforms, like OpenShift, can serve as the foundation for DevSecOps in your organization. We’ll also consider the risk management associated with integrating components from a variety of sources, another consideration that open source has had since the beginning. Finally, we’ll show ways in which tool-based automation and repeatable, trusted delivery of code can be built directly into a DevOps pipeline.
William is a senior consulting engineer at Red Hat and works on DevOps and DevSecOps strategy. He was a contributor to the Docker project and Project Atomic and has contributed to a couple of books on Linux container technology. He is a regular speaker at various open source and other industry events.